Ransomware Attack on US Health Care Payment Processor Causes Nine-Day Prescription Market Crisis
In a shocking turn of events, a Russian-speaking ransomware syndicate known as AlphV or Black Cat has successfully targeted the largest US health care payment processor, causing a nine-day crisis in the prescription market. The repercussions of this cyberattack have left pharmacies, health care providers, and patients struggling to fulfill life-saving medication prescriptions.
The attack specifically targeted Optum, a subsidiary of UnitedHealth Group, which operates a nationwide network called Change Healthcare. This network allows health care providers to manage customer payments and insurance claims. With the system compromised, pharmacies were left in a difficult position, unable to accurately calculate insurance coverage for medications. As a result, they had to resort to alternative services or offline methods to meet the urgent needs of patients.
Optum initially disclosed the cybersecurity issue on February 21, and since then its services have been severely impacted. However, just before this article was published, Optum announced that it had successfully restored Change Healthcare services. In an update, the company stated, “Working with technology and business partners, we have successfully completed testing with vendors and multiple retail pharmacy partners for the impacted transaction types… As a result, we have enabled this service for all customers effective 1 pm CT, Friday, March 1, 2024.”
AlphV is part of a growing trend of ransomware syndicates that operate under a ransomware-as-a-service model. This means that affiliates carry out the actual hacking of victims while utilizing AlphV’s ransomware and infrastructure to encrypt files and negotiate ransoms. The profits are then shared between the parties involved.
In December, law enforcement agencies, including the FBI, made a significant move by seizing a large portion of the AlphV infrastructure. However, AlphV quickly regained control of their site, leading to a back-and-forth struggle between law enforcement and the group. The recent attack on Change Healthcare serves as a clear indication that AlphV remains a formidable threat to critical parts of the US infrastructure.
Rick Pollack, the president and CEO of the American Hospital Association, stated, “The cyberattack against Change Healthcare that began on Feb. 21 is the most serious incident of its kind leveled against a US health care organization.” According to Change Healthcare data, the service processes a staggering 15 billion transactions involving eligibility verifications, pharmacy operations, and claims transmittals and payments. The full extent of the disruption caused by the attack is still unknown.
Optum estimates that as of Monday, over 90 percent of the approximately 70,000 pharmacies in the US had to change their electronic claims processing methods due to the outage. However, they reassured the public that only a small number of patients have been unable to obtain their prescriptions during this challenging period.
This incident highlights the devastating impact ransomware attacks can have on critical infrastructure. Three years ago, a different ransomware group known as Darkside caused a five-day outage of Colonial Pipeline, which supplied around 45 percent of the East Coast’s petroleum products. The resulting fuel shortages caused chaos for airlines, consumers, and filling stations. Similarly, numerous ransomware groups have targeted hospital networks, jeopardizing patient care.
AlphV has played a significant role in the rise of ransomware attacks. In December, the FBI revealed that the group had amassed over $300 million in ransoms. Notably, Caesars Entertainment and MGM-owned casinos fell victim to AlphV ransomware, leading to the shutdown of operations in several Las Vegas casinos. The breach was suspected to be orchestrated by a group of mostly teenagers.
The recent attack on Change Healthcare serves as a stark reminder of the urgent need for enhanced cybersecurity measures to protect critical infrastructure. As ransomware attacks continue to evolve and pose a significant threat, it is crucial for organizations and authorities to collaborate in combating this menace. The health care industry, in particular, must prioritize the security of its systems to ensure the uninterrupted delivery of life-saving medications and patient care.